What Is AWS GovCloud (US)?

AWS GovCloud (US) are isolated AWS Regions designed to allow U.S. government agencies
and
customers to move sensitive workloads into the cloud by addressing their
specific regulatory and compliance requirements, including Federal Risk and Management
Program (FedRAMP) High
Department of Defense Security Requirements Guide (DoD SRG) Impact Level 5, and Criminal
Justice Services (CJIS).
The AWS GovCloud (US) adheres to U.S. International Traffic in Arms Regulations (ITAR)
requirements.

You can run workloads that contain all categories of Controlled Unclassified Information
(CUI) data and government-oriented, publicly available data in AWS GovCloud (US).
For a list
of compliance frameworks, see AWS GovCloud (US) Security. AWS GovCloud (US) supports the management of
regulated data by offering the following features:

Restricting physical and logical administrative access to AWS personnel that are U.S.
citizens
only.

Providing FIPS 140-2 endpoints. (For details on each service, see the Service Endpoints
section.)

Depending on your requirements, you can also run unclassified workloads in the
AWS GovCloud (US) regions; and use the unique capabilities of these regions.

Note

AWS manages physical and logical access controls for the AWS boundary. However, the
overall security of your workloads is a shared responsibility, where you are responsible
for controlling user access to content in your AWS GovCloud (US) account.

The AWS GovCloud (US) User Guide provides details on setting up your
AWS GovCloud (US) account, identifies the differences between AWS GovCloud (US) Regions
and other
AWS Regions, and defines usage guidelines for processing ITAR-regulated data within
the
AWS GovCloud (US). This guide assumes that you are familiar with Amazon Web Services (AWS).